Bitcoin Forum
Topic: Security of a message signed with bitcoin-core
uldbitcoin
February 10, 2020, 03:29:50 PM
Merited by vapourminer (1)
 #1

Hi everyone.
I want to sign a message to prove ownership of a bitcoin address.

Since bitcoin core can't sign segwit addresses, I generated a legacy address in the debug console.

I used the built-in feature to sign a message with this address and my private key.

I just wanted to know if it is really safe to disclose: message, public key, signed hash to the open world.
There's really no chance of anyone finding my private key from the signed hash?

I'm just wondering because if this feature is not possible in bitcoin-core client for segwit address, maybe it's for a security reason...
jackg
February 10, 2020, 03:34:32 PM
Merited by OgNasty (1)
 #2

There's technically always a chance but it's much like signing a transaction and offers the same security.

If you have a modern computer the random number it generates should be good enough to keep your private key secure...

Message digest, message and public key can all be released publicly and are when a transaction is signed and broadcast to the blockchain anyway.

Royse777
February 10, 2020, 03:36:47 PM
Merited by OgNasty (1)
 #3

As long as your private key is safe, you will not need to worry about anything else. Also it does not matter if you have signed it using Bitcoin core or anything else.

I think Jackg also said the same thing above.

uldbitcoin
February 10, 2020, 03:40:05 PM
 #4

Thanks folks for the fast answer! ;)
ranochigo
February 10, 2020, 04:17:54 PM
Last edit: February 11, 2020, 01:41:23 AM by ranochigo
Merited by vapourminer (1)
 #5

> I just wanted to know if it is really safe to disclose: message, public key, signed hash to the open world.
> There's really no chance of anyone finding my private key from the signed hash?

There is a chance. ECDSA hash signatures can be reverse engineered to produce the private key if the variables used in the signature generation are not random enough. In addition, the private keys can also be derived from the public key by a sufficiently powerful quantum computer and the luxury of time.

With the current state of technology (and the latest Bitcoin Core), it's nothing to be worried about and there isn't more risk from this than to send a transaction.

> I'm just wondering because if this feature is not possible in bitcoin-core client for segwit address, maybe it's for a security reason...

It isn't a security issue but more of the fact that there aren't any standards for signing messages with bech32 addresses yet.

uldbitcoin
February 10, 2020, 04:29:01 PM
 #6

> > I just wanted to know if it is really safe to disclose: message, public key, signed hash to the open world.
> > There's really no chance of anyone finding my private key from the signed hash?
>
> There is a chance. ECDSA hash functions can be reverse engineered to produce the private key if the variables used in the hash generation are not random enough. In addition, the private keys can also be derived from the public key by a sufficiently powerful quantum computer and the luxury of time.
>
> With the current state of technology (and the latest Bitcoin Core), it's nothing to be worried about and there isn't more risk from this than to send a transaction.
>
> > I'm just wondering because if this feature is not possible in bitcoin-core client for segwit address, maybe it's for a security reason...
>
> It isn't a security issue but more of the fact that there aren't any standards for signing messages with bech32 addresses yet.

Thanks for the clarification. I understand there's a "chance" but it's as highly improbable as finding my bitcoins in https://lbc.cryptoguru.org/dio/  :-D :-)

For standard and daily use, I understand there is nothing to worry about, great !
BrewMaster
February 10, 2020, 04:50:02 PM
 #7

> If you have a modern computer the random number it generates should be good enough to keep your private key secure...

first of all security of RNG has nothing to do with the computer being modern, it is about how it was implemented.
secondly there are no random numbers being generated when creating a signature (both during message signing or transaction signing). everything is being done deterministically, meaning nonce is generated using your key and the message utilizing HMAC function.

ETFbitcoin
Legendary
*
Offline Offline

Activity: 1918
Merit: 2208

Use SegWit and enjoy lower fees.


View Profile WWW
February 11, 2020, 12:15:47 PM
 #8

> secondly there are no random numbers being generated when creating a signature (both during message signing or transaction signing). everything is being done deterministically, meaning nonce is generated using your key and the message utilizing HMAC function.

Wrong, k value must be randomly generated. 2 signatures with same k value can be used to find out private key of your Bitcoin.

BrewMaster
February 11, 2020, 05:26:00 PM
Merited by vapourminer (1), ETFbitcoin (1), HeRetiK (1), Heisenberg_Hunter (1)
 #9

> > secondly there are no random numbers being generated when creating a signature (both during message signing or transaction signing). everything is being done deterministically, meaning nonce is generated using your key and the message utilizing HMAC function.
>
> Wrong, k value must be randomly generated. 2 signatures with same k value can be used to find out private key of your Bitcoin.

k has to be a number that can not be guessed. that is why it is suggested to choose a random one, but later on they realized that you can't rely on RNGs so they came up with a new idea to generate it deterministically using your private key and the message being signed. that is why when you sign same message with same private key you always get the same exact signature. check out RFC-6979 for more details.

in fact nowadays most wallets only use an RNG once per wallet and that is when you create the wallet to generate your seed then every future private key and every signature's k is being generated deterministically without needing RNGs anymore.

ETFbitcoin
February 12, 2020, 04:18:46 AM
 #10

> > > secondly there are no random numbers being generated when creating a signature (both during message signing or transaction signing). everything is being done deterministically, meaning nonce is generated using your key and the message utilizing HMAC function.
> >
> > Wrong, k value must be randomly generated. 2 signatures with same k value can be used to find out private key of your Bitcoin.
>
> k has to be a number that can not be guessed. that is why it is suggested to choose a random one, but later on they realized that you can't rely on RNGs so they came up with a new idea to generate it deterministically using your private key and the message being signed. that is why when you sign same message with same private key you always get the same exact signature. check out RFC-6979 for more details.
>
> in fact nowadays most wallets only use an RNG once per wallet and that is when you create the wallet to generate your seed then every future private key and every signature's k is being generated deterministically without needing RNGs anymore.

I stand corrected, I completely forgot about RFC-6979 and was thinking about ECDSA in theory.
